
When we talk about who our mentors are, many of us assign the role to a former teacher, an omnipresent icon, a past or present boss, or someone else who played a significant role in our personal and professional development.

We reached out to some well-known security gurus to find out who they considered to be their mentors and asked them to explain the role their mentors played in shaping who they are today.

There were two very interesting results from this informal survey of leading infosec pros, the first being that about half of the respondents indicated they could not necessarily pinpoint anyone in their career development who they would specifically describe as being their mentor.

In stark contrast, nearly as many who participated found it hard to narrow the field down to just one or even several individuals, and the passion with which they spoke of their mentors and the positive influence they had on their development was readily apparent.

Mike Dahn, Head of Data Security Relations at Square, offered the observation that “traditionally we look to individuals who are more advanced in their career to mentor us and act like a Sherpa guide who help us navigate the waters of life, career, family, and ourselves.”

“When people ask me for advice I often relay to them a story of something I’ve experienced but more often I tell them a story of someone who has impacted my life. I’m just the messenger, and that is how we should view mentorship,” Dahn said.

In a similar vein, Josh Corman emphasized that a great mentor does not necessarily have to be someone who has the kind of job or skill set that one would want to emulate; they can simply possess character elements that we admire and feel are worthy of emulation.

In the three installments of this series, we look at those who fall into three broad categories: The influencers, the bosses, and the peers. First up are the influencers, those mentors who are recognized as being the catalysts responsible for landing our respondents where they are today:

Gene Kim (@RealGeneKim), Founder and Former CTO of Tripwire, Author of The Phoenix Project, All Around Genius

My mentor and a major influence on my career is Dr. Gene Spafford (@TheRealSpaf), one of the true luminaries and pioneers in the information security profession. In fact, the reason I went to Purdue University in 1990 was because of the seminal paper he wrote on the 1988 Internet Morris Worm.

Imagine how awed and amazed I was to be taking undergraduate classes from him, and then later taking graduate courses – which in turn led me to be “asked” to “leave” the engineering program.

Dr. Spafford is a true boundary-spanner, showing how in order for the information security field to truly succeed as a profession that it requires knowledge from business, the humanities, psychology and even philosophy. I am grateful for everything Spaf has done for me, and all the other students he’s helped.

I like to think that I solved a big problem for him and his wife when I bought his 1975 Oldsmobile Cutlass for $200, which kept me rolling around in style for 2 years. Until I lost it…

Josh Corman (@JoshCorman), Director of Security Intelligence at Akamai Technologies

Three key mentors have influenced my career path and overall philosophy, though in reality there are many more. The first is Dan Geer, CISO at In-Q-Tel, who brings a thoroughly ‘hard sciences’ background to security, which appeals to a part of me, particularly his emphasis on quality metrics and his analogous comparisons between aspects of immunology and the art of information security which are absolutely brilliant.

Though we have never worked for the same employer, it’s Geer’s ability to analyze security issues through complex and rigorous methodologies that has led me to emulate him in many aspects of my work and in the various talks I have delivered over the years. I consider Geer to be our industry’s left brain.

Next is Richard Thieme (@NeuralCowboy), an accomplished author and speaker who has a background rooted in spirituality. Thieme studied at the Seabury Western Theological Seminary and was an ordained Episcopal priest who later became interested in the impact technology has on religious beliefs and the concept of identity.

Thieme is truly one of a kind, especially in this field. Where Geer is our left brain, Thieme is most definitely his counterpart as our right brain. In fact, he is no less than the heart, soul and poet laureate of the security field, and he has deeply influenced my understanding of the more philosophical aspects of security, a field that many consider to be a wholly technical endeavor.

In a rare treat, I was able to interview both Dan and Richard (left & right brains) during a “fireside chat” for a SOURCE Boston 2013 Keynote. Of special note, Dan closed his comments by reciting Rudyard Kipling’s poem “If” from memory (at 50 minutes). Richard then closed by reciting the last bits of “Ferg’s Law” from his “Islands in the Clickstream”. Watch this rare and special conversation here:

Rounding out my trio of mentors is a world class critic, strategist and systems thinker Duncan Hoopes (@DuncRH) who conducts Security Management within IBM Security, and is very Socratic in his thinking and in the way in which he engages others. He has the uncanny ability to break down extremely complex issues that make them more accessible to people with a less technical background, making him a very effective communicator.

Hoopes forced me to read The Goal, a novel about a failing US manufacturing plant. I asked him what the heck this had to do with security, and he told me that if I truly wanted to transform the security industry, I’d have to understand how The Goal and The Theory of Constraints transformed theirs.

Our intense white boarding, debates, and hunger for ‘first principles’ have had a significant impact on my work and inspired many of the key underlying aspects of Rugged Software, Rugged DevOps, and many of my ‘models’. It also put me on paths to find future kindred critical thinkers and collaborators like Gene Kim, Alex Hutton, and Jericho.

Bev Robb (@Teksquisite), IT Consultant at Teksquisit Consulting

My mentor is Kurt Kovac, who currently directs resourcing at the UBS Central Test Factory (banking) in Zurich, Switzerland. He was always a certification geek: ITIL v3 Foundation; SCSA; MCSE; MCP; CNA; A+ and perhaps many that I am not aware of.

Back in the day, I was involved with writers/poetry and thinking of framing my first novel. Computers were just boxes that allowed me to indulge in word processing, though I was curious about Microsoft operating systems – but computing was not a passion.

I could have been an entirely different person today had I never met Kurt. But, his friendship lit a fire for anything Cmdline. Kurt definitely influenced me with his Unix/Linux expertise, as well as his hacking skills – ermmm, penetration testing skills. I could ask him anything and he would either show me or find an answer. He will always be the friend/mentor who introduced me to Unix/Linux and he will always be the friend/mentor whose advice I value most.

I worked with Kurt in the Southern Oregon University networking department (when I went back to college as a nontraditional student). It was through his mentoring that I learned quite a bit about Linux, MySQL, Perl, PHP, Unix, and networking. His initial Unix/Linux mentoring led me into other areas of curiosity such as checking out other university databases; developing a strong interest in malware; and generally picking apart the Windows operating system to see how and why it was vulnerable.

I once had a panel interview in 2002 for a scripting position with Kraft Foods in Parsippany, NJ. Unfortunately, I was unaware that my headhunter had revised my resume to reflect that I could resolve viruses through Internet Explorer. I would have become quite the anomaly to the security world had it been true. The most difficult part of the interview was trying to convince a panel of five that I did not place that skill on my resume. During this process I thought what would Kurt do? I knew that he would not argue a point that met on deaf ears, so I graciously told them that the interview was finished and that I had to leave. I believe Kurt is a resource that can be counted on.

Jeremiah Grossman (@JeremiahG), Founder and CTO of WhiteHat Security

The two most influential had to be John Davidson and John Dean, who both came at the very beginning of my entrepreneurial start — namely, WhiteHat Security (its first two investors). They were the two who believed in me first when the idea of how we wanted to change the world was little more than an idea, a dream, and at a time when basically no one else did. Both of them are extremely accomplished, impressively so.

Dean has been president and chairman of several banks, operated as a start-up venture capitalist, founded his own VC firm, advised a great many companies in a board level capacity, and is even a former Peace Corps volunteer. While all of that is great, what mattered to me the most was his constant flow of personal anecdotes, the thoughtfulness that he puts into cultivating personal and professional relationships, and his approach to business dealings.

One piece of wisdom in particular greatly influenced my life: “Interests must be in alignment.” Dean always said that, meaning that life or business is NOT a zero sum game. Everyone can and should be able to win if interests are aligned. I’ve tried to apply that to every business dealing, employee hire, and security strategy. Let me tell ya, it works.

John Davidson is a Computer Science PhD with roots back to ARPANET and the first implementation of TCP/IP. He’s also an entrepreneur whose first company was Ungermann-Bass, the networking industry’s first Local Area Networking company. He’s also been an angel investor, board level advisor to many start-ups, and worked with John Dean to start their VC firm.

Again, a very impressive background, but these facts alone don’t do the man any justice. For Davidson, accomplishment and ambition is all about quality of character and keeping of one’s integrity intact, and not just when things are easy, but especially when things are at their hardest.

If you can accomplish that, Davidson taught me, people will be able to depend upon you and trust you. When you work in security, what could be more important or more valuable than that? The ability to provide peace of mind in an environment dominated by fear.

Javvad Malik (@J4vv4D), Security Analyst at The 451 Group

There are those I like to call the believers – infosec legends like Stephen Bonner (@StephenBonner), Brian Honan (@BrianHonan) and Wim Remes (@WimRemes). I used to look up to these fine gentlemen long, long before anyone even knew who I was, and to this day I still look up to them.

They showed me the value of “giving without expectation of any return.” I must have been extremely annoying towards all of them, asking for advice, hints and tips on career development, opportunities, and for feeding my video blogging addiction. Perhaps one of the most important things was that they encouraged me and put faith in me. I owe a lot to them.

Last but not least there are the non-infosec’ers like Jim Shields (@JimShout) and my daughter who is best known by the handle “Girl Cynic” from our infosec videos.

When it comes to mentors, it is important to also choose ones that are outside of the direct field you are working in because they come with perspectives and opinions from outside of the echo chamber we live in. To that end, I’ve probably leeched enough information out of Jim to do a Masters degree, and he is brutally honest and has a genuine desire to improve infosec without being a subject matter expert, which is great.

I couldn’t leave out my daughter Girl Cynic, who has been my biggest supporter within the house, and it’s so nice having someone nearby you can bounce crazy ideas off and get in return even crazier ideas… I probably learned more from her about life and what’s important than she’s ever learned from me. Like most parents, I never want her to grow up.

*   *   *

In the next installment, we will look at the mentors who are current or former employers or supervisors who had a deep impact on our respondents’ knowledge base and subsequent career choices…


Title image courtesy of ShutterStock